OAuth with Verify Access

Description

The example YAML file provided below contains a basic YAML configuration for an IBM Application Gateway (IAG) container which:

  1. Specifies a server certificate;
  2. Configures an IBM Security Verify Access environment as the OAuth introspection endpoint;

Example YAML

version: "23.04"

#
# Configure an IAG container with a very basic configuration.  This 
# configuration will simply define a server certificate, and configure an IBM 
# Security Verify Access environment as the OAuth introspection endpoint.
#

#
# Specify a server certificate to be used by the container.  The server 
# certificate was created using an openssl command:
#  openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 \
#        -out cert.pem
#
# To remove the dependency on external files a base-64 representation of the
# key.pem and cert.pem files can be embedded within this YAML, where the 
# base-64 encoded file is prefixed with 'B64:', for example: 
#   "B64:PGhy4KICAgIDxoND5...."
# 
# If no certificate is specified a self-signed certificate will be 
# automatically created and used by the container.
#

server:
  ssl:
    front_end:
      certificate: 
        - "@cert.pem"
        - "@key.pem"

#
# Specify an IBM Security Verify Access environment as the OAuth introspection 
# endpoint for the container.  Please note that the values provided below are 
# for illustrative purposes only and don't reflect a real environment. 
#

identity:
  - name: VerifyAccess
    attributes:
      - +*
    client_id: c10e5e0b-1019-49b8-b7e2-600af9310e010
    client_secret: t21bxcYY92
    introspection_endpoint: "https://www.myidp.ibm.com/mga/sps/oauth/oauth20/introspect"
    mapped_identity: "{sub}"
    multi_valued_scope: true
    restricted: false
    token_type_hint: access_token
    auth_method: client_secret_post
    ssl:
      certificate: 
        - "@cert.pem"